On Fri, Aug 16, 2013 at 2:11 PM, zooko <zo...@zooko.com> wrote:
> On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
>>
>> Nothing really gets anyone past the enormous supply of zero-day vulns in
>> their complete stacks. In the end I assume there's no technological PRISM
>> workarounds.
>
> I agree that compromise of the client is relevant. My current belief is that
> nobody is doing this on a mass scale, pwning entire populations at once, and
> that if they do, we will find out about it.

That's fair, and true enough, although you never know. Pwning everyone is a
very costly operation: you can only do it once for each pwn, and the political
risks and costs are high enough to put the entire concept at risk. But we've
seen actors take some breathtaking risks in recent years (e.g., Flame)...

> My goal with the S4 product is not primarily to help people who are being
> targeted by their enemies, but to increase the cost of indiscriminately
> surveilling entire populations.

That's fair, and a point that I should learn to make in general. We saw China
back down from banning GitHub -- that's a big clue that sufficiently popular
services have leverage against foreign governments, and possibly local ones
too.

Nico
--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography